I want to add a simple API key check to an Autobahn Python WebSocket server. The server should check the key in the HTTP header of a client and disconnect clients that don't have the correct key.
I have figured out a solution to this, but I'm not sure it is the best solution (see below). If anyone has suggestions, I'd appreciate it.
From the API Docs for the onConnect method:
Throw autobahn.websocket.types.ConnectionDeny when you don’t want to accept the WebSocket connection request.
You can see this done on line 117 of one of the examples here.
I have tested this and it does not close the connection cleanly. However you are terminating a connection with an unauthenticated client so you should not want to go through a closing handshake.
The onClose callback takes a wasClean argument which allows you to differentiate between clean and unclean connection closures.